package com.jyl.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;

@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

    //配置安全拦截策略
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //链式配置拦截策略
        http.csrf().disable()//关闭csrg跨域检查
                .authorizeRequests()
                .antMatchers("/mobile/**").hasAuthority("mobile") //配置资源权限
                .antMatchers("/salary/**").hasAuthority("salary")
                .antMatchers("/common/**").permitAll() //common下的请求直接通过
                .antMatchers("/**.html","/js/**","/css/**","/img/**").permitAll()
                .anyRequest().authenticated() //其他请求需要登录
                .and()
                .formLogin()
                .loginPage("/index.html")
                .loginProcessingUrl("/login/login")
                .defaultSuccessUrl("/main.html")
                .permitAll();//指定登陆成功后的跳转地址-页面重定向
                //.successForwardUrl("/XXXX")//指定登陆成功后的跳转URL -后端跳转


    }


}
